• 2 Posts
  • 79 Comments
Joined 1 year ago
Cake day: June 18th, 2023

  • I only use a Windows VM for our ancient (in computer terms) Canon LIDE 60 scanner, which seems to work best there (Linux produces highly grey contrasted scans).

    For all of our scanned documents from the scanner, I have it mapped to a network drive via Samba shares. Since you are using Fedora, I think you may already have Cockpit installed. This makes it a lot easier and is a web GUI to manage servers. You can usually access it on your desktop via https://localhost:9090. Then you would need to install the 45 Drives File Sharing plugin and set up a Samba share.

    From the Windows VM, just map to the same workgroup you set in the Samba share you created and give it a drive ID such as F:


  • You can always use something like SSHwifty. It retains your logins through your browser’s session data and never on your server, but it will allow you to remote into your local system from anywhere on the WWW if you desire to do so. With Tailscale, once you are connected into your Tailnet, you can pretty much SSH into any of your devices as long as the subnet sharing flag is turned on, I believe. I’ve never had any issues with mine not allowing any SSH connections.


  • If after 9pm M-F, and I plug it into AC Power (Not USB on desktop), then it mutes all system sounds until I unplug it from the AC power. During said time, if certain people call, it raises the ringer to full so I can answer it.

    I still have this enabled, but rarely ever use it. It came in handy about a year ago though: when near any of the WiFi hotspots at my work, then turn volume off; upon leaving the range, volume comes back up. Also, enabled my work profile, which set an Autonotification to set a timer on my phone and watch for my break and meal periods. I now am full time WFH, so neither of these come into play.

    While connected to Car bluetooth, cancel my work timers (above).

    I was working on, but had to put on pause, a Google Voice interceptor. The goal behind it is to auto use Google Voice to make outbound calls if you are not calling a contact in your list; otherwise, if you called one of your contacts, it would use your normal phone number.

    Taskernet share for above (Google Voice Robot). If link is broken, it should be searchable. It’s not guaranteed to work.




  • node815@lemmy.world to Selfhosted@lemmy.world: WeatherStar 4000+ Emulator
    3 months ago

    From their readme. I asked about that last night and he replied and pointed me to it. :)

    Kiosk mode

    Kiosk mode can be activated by a checkbox on the page. Note that there is no way out of kiosk mode (except refresh or closing the browser), and the play/pause and other controls will not be available. This is deliberate as a browser’s kiosk mode is intended not to be exited or significantly modified.

    It’s also possible to enter kiosk mode using a permalink. First generate a Permalink, then to the end of it add &kiosk=true. Opening this link will load all of the selected displays included in the Permalink, enter kiosk mode immediately upon loading and start playing the forecast.


    I didn’t see IIS mentioned, but I didn’t take a close look at the code. They give you a docker run command to set it up, so I converted it to a docker compose file so I can run it later. All of this is running on a Debian 12 system, so if IIS is needed, I’d wager that is if you are running a Windows setup.

    I have mine embedded in Home Assistant now as an iframe using the Kiosk mode setting which works.



  • Authentik is my IDP provider so I put it in front of all my publicly facing apps which support OIDC login. For example, I can log into my Portainer instance from an external network, but to do so, I log into Authentik first, which sends it to my service.

    For the apps which support HTTP headers, like I said, Pomerium acts as the service which passes my credentials to the device. I admit, Authentik does this also without the need for Pomerium (through their flow settings), but I found Pomerium to be much easier to set up for this than Authentik and haven’t looked back or felt the need to change it.


  • With that, I use Pomerium for apps which accept HTTP headers, for example, my Fresh Tomato firmware flashed router, which has an HTTP dialog. This allows me to log in from the road if I need to manage something like rebooting it or updating firewall rules etc.

    My access flow is this:

    router.example.com --> Cloudflare Tunnel --> Pomerium IP --> Authentik --> Router’s GUI.

    It works flawlessly. I don’t often use it, but when I do, it helps. I also had it enabled for AdGuard Home but moved to Technitium DNS, which I prefer, and that doesn’t have the HTTP headers so it’s not fully compatible with Pomerium that I’m aware of.




  • For those that don’t want to go back to the Dark side (Reddit), the post referenced a theme (Grey Layout global theme) which got KDE devs involved, who in reaction removed the listing from the store.

    In short, the theme ran code to run a rm -rf on the user’s drive, which wiped everything during install. Aside from backing up your data religiously, be sure to inspect the code instead of blindly installing for now. KDE devs said they will need to do better, so I expect some changes are afoot to provide better security.



  • I am a former IT Desktop drone…er…support worker… I used to swap towers for my local municipality back when Windows XP was being replaced with 7. I saw passwords on post-its attached to the monitor, mouse pad, and even under the keyboard or keyboard drawer (I had to get under desks to do the swap). Our policy was to remove those whenever we saw them and trash them in a different can across the building or a different one. They have a standard 90 day password cycle and most people couldn’t handle that. I would answer the phone often to “unlock” their account after 3 attempts. My all time favorite when I would help an end user with software was when I would encounter someone’s “God Mode” icon for some of the registry hacks that used to float around. Everyone had Admin privileges (ironically), so it wasn’t really needed anyway.

    Their primary server admins and IT folks in the main office were top notch though. Never any downtime and the main security guy was very strong in making sure everything was adhered to. We, as desktop support, didn’t have the master password to decrypt a laptop which was GPG protected and had to bring it to him if we had a user who locked themselves out. With great consternation, only a few machines would be allowed to XP and those were VLAN’d and isolated from the outside world.

    The rest of the server admins handled everything with ease seemingly. The fun part was when they had a third party come in and do a security audit. No problems on the server side, but it wasn’t a success. They did the ol’ drop a flash drive randomly in different locations test. Knowing human nature, they knew someone would pick it up, plug it in and be baited with an Excel file which looked like it had financials. Unbeknownst to the user, it sent a ping to their reporting server and the drive ID, which was later reported back. They also did physical security penetration tests, the walk in behind you type of thing. I remember seeing a group of guys with non-company ID badges try to follow me into the main IT office. I stopped them and asked who they were and what they wanted (this was a Govt building), and the look of confusion mixed with satisfaction from them that I stopped them was priceless. I let the head IT guy know who was at the door and left it up to them to unlock it for them.

    I now work in a help desk position for a software company and miss those days of desktop support. But, I know for a fact that I.T. Guys and Gals don’t get enough recognition. They are the understated backbone of a company’s well-being, especially when holidays and weekends are prime time for systems to fail and they are practically on call no matter what.


  • I am testing it and it seems to run every 5 minutes to sync. Handles standard IMAP and POP inboxes. No auth for main page, so they caution appropriately to avoid public facing web exposure. They are planning on adding more support for Gmail and the like:

    https://github.com/bandundu/email-archiver/issues/6

    It installs by default in debug mode which may or may not be a red flag depending on your security model.

    The email search is fast, but could use work, I will say it is VERY early in development. But for downloading email for later storage, it should do. It stores your e-mails in a SQLite database in the same directory as the installer, so if you want to manipulate the compose file a bit, it should be able to point to your desired storage directory. With that said, I also was able to add a TZ= directive so my logs at least are a bit cleaner with timestamps to match my timezone, something they have not added.

    If you wish to access this remotely before they add a public facing login, protect it with an SSO solution or other front facing login setup so it would not be accessible. Or securely access it via WireGuard, Tailscale, or Headscale.


  • node815@lemmy.world to Selfhosted@lemmy.world: Proxmox vs. TrueNAS Scale
    4 months ago

    I use Proxmox and don’t use TrueNAS. My setup is basically to install Cockpit on the host server via apt-get and then the 45 Drives cockpit-sharing plugin. This provides the NFS and Samba sharing I need and use. I host Home Assistant in a VM and Docker containers in a few LXC containers which host about 10 containers each. Then, in combination with https://tteck.github.io/Proxmox/ you can set up pretty much anything you need from there.

    This is on what is, in computer terms, ancient: a 13 year old Dell Optiplex 990 with 16 GB RAM and software such as Authentik and Vaultwarden from different dedicated LXC containers. Never have any issues with overload of the system resources or running out of memory. It’s pretty much rock solid.


  • I have a policy: the only ones who should know my phone number are family, and they are very strict about asking me before giving it to anyone who asks. So, it’s usually not given. Then for businesses and other places which require a phone number, I use a Google Voice number. From doctors, to banks, or other places. I rarely get the scam calls.

    HOWEVER

    I get around 6-15 SPAM text messages daily. All 100% Political for Trump, Biden, Harris, or whatever scammer tries to get me to support on my non-shared number. A lot try to guilt you into “donating” to them too! I feel bad because while I won’t fall for it, I know many people already do. I have to use Google Messages to effectively block those automatically.

    I have AT&T and complained to them about it, only to be told that I could change my number, but it would be $40.00 to do so. That’s a big scam in itself and I refused.




  • Well…since Google is primarily an Ad company…

    I just plug into the Private DNS settings dns.adguard-dns.com and run ad free. As for bloat- mine was infested with Facebook and other apps preloaded by Samsung, but it was easy enough to remove by long pressing and deleting it. They fortunately didn’t make them system apps.

    With that said, if you are handy with android-tools such as ADB, you can place your phone in debug mode and issue adb commands to disable system apps. Pretty easy once you get the hang of it.